CVE-2023-48677
Last modified
CVE-2023-48677 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Acronis | Cyber Protect Home Office | < 40901 |
References
- https://security-advisory.acronis.com/advisories/SEC-5620Vendor Advisory
- https://security-advisory.acronis.com/advisories/SEC-5620Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-48677?
How severe is CVE-2023-48677?
How do I fix CVE-2023-48677?
Are you affected by CVE-2023-48677?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST